Security-Enhanced Computer Systems and Methods

A computer system and security technology, applied in the field of computers, that can solve the problems of compromise of the security of the computer and the data contained therein, vulnerability to the same risks, and compromise in a number of different ways, and achieves the effect of maximizing the flexibility of the user.

Active Publication Date: 2013-08-15
JANUS TECH
7 Cites, 45 Cited by

AI Technical Summary

Benefits of technology

[0012] According to certain aspects, one of the two subsystems is built around a popular processor architecture, such as the x86 which runs the majority of today's personal computers, and is designated as the application-processor subsystem. This processor architecture is chosen for the wide variety of application software and operating systems that are available for it, and aims to maximize the flexibility of the user to install application software of their choice. Unlike a conventional personal computer that is also designed around the x86 architecture, this application-processor has all its peripheral connections routed to the other subsystem instead of to the actual external or internal peripherals. Accordingly, while the software that could run on the x86 is virtually unrestricted, external access to this software or its data is strictly controlled by a dedicated system-processor sub-system which enforces the protections necessary to keep these applications and their data safe.
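A minimal model of the mediation described in [0012], added here as an illustration and not taken from the patent. The peripheral names, the policy table and the default-deny rule are assumptions; the text on this page does not specify them.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Request:
    peripheral: str   # hypothetical class name, e.g. "usb-storage"
    direction: str    # "in" = toward the application processor, "out" = away from it
    payload: bytes

@dataclass
class SystemProcessor:
    """Models the subsystem that owns every physical peripheral connection."""
    policy: dict                                  # (peripheral, direction) -> ALLOW / DENY
    audit: list = field(default_factory=list)     # every request is logged, allowed or not
    delivered: list = field(default_factory=list)

    def mediate(self, req: Request) -> bool:
        # Anything not explicitly allowed is refused (assumed default-deny rule).
        verdict = self.policy.get((req.peripheral, req.direction), DENY)
        self.audit.append((req.peripheral, req.direction, len(req.payload), verdict))
        if verdict == ALLOW:
            self.delivered.append(req)
        return verdict == ALLOW

class ApplicationProcessor:
    """Runs unrestricted software, but its only path to a peripheral is the bridge.
    In the architecture this separation is physical wiring; here it is only a model."""
    def __init__(self, bridge):
        self._bridge = bridge

    def io(self, peripheral: str, direction: str, payload: bytes) -> bool:
        return self._bridge(Request(peripheral, direction, payload))

def run_demo():
    # Constructed policy: display output, keyboard input and read-only removable storage.
    sp = SystemProcessor(policy={
        ("display", "out"): ALLOW,
        ("keyboard", "in"): ALLOW,
        ("usb-storage", "in"): ALLOW,
    })
    app = ApplicationProcessor(sp.mediate)
    results = {
        "display_out": app.io("display", "out", b"frame"),
        "usb_read": app.io("usb-storage", "in", b"file"),
        "usb_write": app.io("usb-storage", "out", b"secret"),
        "network_out": app.io("network", "out", b"secret"),
    }
    return results, sp.audit

if __name__ == "__main__":
    print(run_demo())
```

The refused requests still appear in the audit list, so the mediating side keeps a record that software on the application side has no interface to alter.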

Problems solved by technology

A significant problem with this traditional approach is that when the security functionality is implemented in software, it may be compromised in a number of different ways.
When a new software component is introduced, there is a risk that it includes a functionality intended for effecting an attack, or that it includes a programming error that could be exploited externally to facilitate an attack.
Also, because the security software is distributed and installed similarly to application software, it is also vulnerable to the same risks.
The virtual memory mechanism has proven quite effective to prevent erroneous software behavior from impacting the stability of the system as a whole, but it was not intended to prevent malicious sabotage, and in every operating system there is a documented mechanism to circumvent the protections furnished by the MMU meant for diagnostic purposes.
These mechanisms are often exploited to compromise the security of the computer and the data contained therein.
In one conventional approach to achieve an elevated level of security, some portion of the security mechanism is implemented in a separate and dedicated hardware module, which is designed with additional tamper-resistant features and thereby adds a difficulty level to the potential intruder.
The SIM card construction makes it difficult to disassemble without damaging the embedded memory chip.
Thus the TPM does provide an additional layer of protection, making it impossible for some key security-related information token to be modified by an unauthorized user.
However, the TPM leaves significant vulnerabilities in the other parts of the system software and its communications that can be exploited for a successful attack.

Embodiment Construction

[0024] The present invention will now be described in detail with reference to the drawings, which are provided as illustrative examples of the invention so as to enable those skilled in the art to practice the invention. Notably, the figures and examples below are not meant to limit the scope of the present invention to a single embodiment, but other embodiments are possible by way of interchange of some or all of the described or illustrated elements. Moreover, where certain elements of the present invention can be partially or fully implemented using known components, only those portions of such known components that are necessary for an understanding of the present invention will be described, and detailed descriptions of other portions of such known components will be omitted so as not to obscure the invention. Embodiments described as being implemented in software should not be limited thereto, but can include embodiments implemented in hardware, or combinations of software and...

Abstract

In general, the invention provides a computer architecture designed for enhanced data security. In embodiments, the architecture comprises two sub-systems, each with their own processing units and memories, and a defined set of interfaces that interconnect the two sub-systems and the external world. One sub-system is designed to provide a familiar environment for running computer applications. The other sub-system is designed to provide a secure bridge between the first sub-system and users via input and output devices.

Description

FIELD OF THE INVENTION

[0001] The present invention relates generally to computers, and in particular to computers used in corporations and government organizations where information security is of elevated importance.

BACKGROUND OF THE INVENTION

[0002] Traditionally, personal and corporate data security functions are implemented in the form of add-on software modules on top of a hardware architecture essentially identical to consumer-grade personal computers, which are designed for affordability. Sometimes security-specific add-on hardware modules are also implemented, e.g. for the purpose of authenticating the user more securely (e.g. smart cards, biometrics). But even in these cases the bulk of the security functionality is implemented traditionally as add-on software components that are sometimes integrated into the operating system but mostly reside in memory and are executed just like any other software application.

[0003] A significant problem with this traditional approach is that ...

Application Information

Patent Type & Authority: Applications (United States)
IPC: IPC(8): G06F21/04
CPC: G06F21/70, G06F21/71, G06F21/84, G06F21/74, G06F21/83, G06F21/82, G06F9/4406, G06F12/1408, G06F21/572, G06F2212/1052, H04L63/0272, H04L63/123
Inventor: WANG, CHEN-HUA; RASKIN, SOFIN; ROZENBOIM, LEONID
Owner: JANUS TECH